Skip to content
A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques
Branch: master
Clone or download
Latest commit 8b92cc4 May 4, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.externalToolBuilders init version Jul 4, 2018
.settings init version Jul 4, 2018
screenshots jpeg screenshots Jul 6, 2018
src init version Jul 4, 2018
.classpath init version Jul 4, 2018
.gitignore Rewritten the build.xml to be compatible with ant. Jul 10, 2018
.project init version Jul 4, 2018
CHANGELOG v0.1 Jul 4, 2018
LICENSE
README.md Update README.md May 4, 2019
build.xml Rewritten the build.xml to be compatible with ant. Jul 10, 2018

README.md

Burp Suite HTTP Smuggler

A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques. This extension has been developed by Soroush Dalili (@irsdl) from NCC Group.

The initial release (v0.1) only supports the Encoding capability that can be quite complicated to be performed manually. See the references for more details.

Next versions will include more techniques and possible bug fixes.

Example Screenshots

AppSec EU 18 - example1

AppSec EU 18 - example2

References:

Released under AGPL v3.0 see LICENSE for more information

You can’t perform that action at this time.